From 07286b1523d66e841a54629c1b0f920fb9d76af0 Mon Sep 17 00:00:00 2001
From: Christopher Maddalena <chris.maddalena@protonmail.com>
Date: Mon, 21 Aug 2023 13:40:43 -0700
Subject: [PATCH] Updated for v4.0.0-rc2

---
 CHANGELOG.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 397a5ce1e..05e6d2e59 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [4.0.0-rc2] - 18 August 2023
+## [4.0.0-rc2] - 21 August 2023
 
 ### Added
 
@@ -13,6 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   * `SESSION_COOKIE_AGE` sets the number of seconds a session cookie will last before expiring
   * `SESSION_EXPIRE_AT_BROWSER_CLOSE` sets whether the session cookie will expire when the browser is closed
   * `SESSION_SAVE_EVERY_REQUEST` sets whether the session cookie will be saved on every request
+* Added support for two-factor authentication using TOTP
 
 ### Changed
 
@@ -20,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   * This allows accounts with the `user` role to edit project components without permission to edit the project or its assignments
 * Moved project assignments to the new "People" tab on the project dashboard
 * Hid menus and buttons for features that are not available to the current user
+* Access to the admin console is now routed through the main login form to require 2FA (if enabled for the user)
 
 ### Fixed
 
@@ -30,7 +32,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Removed the unused `restricted` account role
   * This is clean-up for the release candidate; the `restricted` role was experimental and never implemented in the access controls
 * Removed the `user` role's privileges to create, edit, and delete project assignments and client contacts to better adhere with the role's intended permissions
-* Removed permissions for updating report templates via teh GraphQL API
+* Removed permissions for updating report templates via the GraphQL API
   * This option will return in a future release when it will be possible to upload a template file via the API
 
 ## [4.0.0-rc1] - 30 June 2023